However, it doesn't explain how exactly the password hash in that JSON document is generated. All it mentions is that it's an SHA256 hash of the password and a salt (the second base64-encoded value in the string above). Instead you're supposed to just upload the file and then change the value via the API.

I don't know about anyone else, but personally I find uploading well-known credentials (for whatever brief period of time) somewhat less than desirable. However, my attempts to replicate the hash calculation by calling sha256sum on various password + salt combinations with or without base64-encoding all failed. The resulting hashes were always considerably longer than the value in the credential string above. So I dug through the Solr source code and identified sha256() in Sha256AuthenticationProvider.java as the function that actually calculates the hash.

I took the code and wrapped it in a standalone application that accepts a password string as its argument and outputs the base64-encoded values of the password hash and the (random) salt used in the calculation.

java -jar SolrPasswordHash.jar NewPassword

Replace the credential string in security.json with the output of the above command before uploading the file into Zookeeper.

For the base64 encoding the Apache Commons Codec library is required. The source archive contains an Ant build script that will automatically download the current version of that library and then build a jar file. You can also download the pre-compiled jar file if you don't want to build it yourself.